build: Enable React Compiler

[MajorLift]

Description

This commit enables React Compiler. We can expect long-term UI performance benefits and developer time savings from this change. The Compiler passively and transparently adds memoization code for React components and hooks, among other optimizations, and enforces correctness of new code via the react-compiler/react-compiler ESLint rule.

Due to the large size of the PR, I've created sub-PRs with meaningful commit histories that can be referenced during review. These correspond to the first four commits in this branch:

• build(react-compiler): 02 - Set up React Compiler for ESLint, Webpack, Babel #37386
  • Mainly of interest to Extension Platform and Policy Reviewers.
• build(react-compiler): 03 - Fix formatting violations of react-compiler/react-compiler ESLint rule #37408
  • Does not require close review. Lint fixes and renames.
• build(react-compiler): 04 - Fix logical violations of react-compiler/react-compiler ESLint rule #37388
  • Requires close review. Contains potential breaking changes.
• build(react-compiler): 05: Fix CI errors from react-compiler lint fixes #37396
  • Contains logical changes and refactors.

Review comments or suggestions made in the sub-PRs will be addressed/cherry-picked here. Approvals should be directed towards this PR.

Changelog

CHANGELOG entry: null (non-user facing but regressions possible)

Related issues

Fixes: #33059

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Enable React Compiler in the build (Babel/Webpack/ESLint) and refactor codebase, tests, and policies for compiler correctness and stability.

• Build & Tooling:
  • Enable React Compiler via Babel (babel-plugin-react-compiler) and Webpack (react-compiler-webpack) with centralized reactCompilerOptions and targeted sources gating.
  • Add react-compiler-runtime dependency and wire into build.
  • Update ESLint to include eslint-plugin-react-compiler and enforce react-compiler/react-compiler rule; bump eslint-plugin-react/hooks.
  • Update depcheck and multiple LavaMoat policies to allow new compiler/ESLint packages.
• Config & Infrastructure:
  • Inject compiler loader before existing TS/JS loaders in Webpack; add Babel plugin and config for React 17 target.
  • Add policy overrides for compiler packages; adjust Babel-related LavaMoat mappings.
• Codebase Adjustments for Compiler Correctness:
  • Widespread hook/closure fixes (stable deps, useMemo/useCallback, optional chaining, avoid mutation), cleanup of effect deps, and safe timer/abort handling.
  • Replace deprecated/unsafe patterns (e.g., instanceof Array -> Array.isArray, avoid mutating props/params, add key props).
  • Selector/API renames (e.g., useSafeChainsListValidationSelector → getUseSafeChainsListValidation, use4ByteResolutionSelector → getUse4ByteResolution); allow undefined ownerId across alerts flow.
  • Tighten types and utilities (asset type guards, safer reducers/selectors, handle undefined confirmation/coverage IDs, misc bug fixes).
  • Tests updated to use renderHook, new selectors, and mocking patterns.
• Misc:
  • Minor UI/logic tweaks (e.g., fetching/exchange rate flow, polling stability, AssetPage non-mutation, QR camera/init refactors).

^{Written by Cursor Bugbot for commit 765ad21. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	react-compiler-runtime@​19.1.0-rc.3
	babel-plugin-react-compiler@​19.1.0-rc.3
	eslint-plugin-react@​7.30.1 ⏵ 7.37.5
	react-compiler-webpack@​0.2.1
	eslint-plugin-react-compiler@​19.1.0-rc.2
	eslint-plugin-react-hooks@​4.6.0 ⏵ 5.2.0			+7

View full report

[socket-security]

Caution

MetaMask internal reviewing guidelines:

• Do not ignore-all
• Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
• Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
  @SocketSecurity ignore npm/PACKAGE@VERSION

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Publisher changed: npm async-function is now published by ljharb instead of eduardorfs New Author: ljharb Previous Author: eduardorfs From: ? → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Publisher changed: npm string.prototype.repeat is now published by nicolo-ribaudo instead of mathias New Author: nicolo-ribaudo Previous Author: mathias From: ? → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Deprecated by its maintainer: npm @babel/plugin-proposal-private-methods Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead. From: ? → npm/[email protected] → npm/@babel/[email protected] ℹ Read more on: This package | This alert | What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[metamaskbot]

✨ Files requiring CODEOWNER review ✨

🔑 @MetaMask/accounts-engineers (2 files, +5 -2)

• 📁 ui/
  • 📁 components/
    • 📁 app/
      • 📁 identity/
        • 📁 backup-and-sync-features-toggles/
          • 📄 backup-and-sync-features-toggles.tsx +5 -1
    • 📁 multichain/
      • 📁 account-list-item-menu/
        • 📄 account-list-item-menu.js +0 -1

---

👨‍🔧 @MetaMask/core-extension-ux (1 files, +0 -1)

• 📁 ui/
  • 📁 components/
    • 📁 multichain/
      • 📁 account-list-item-menu/
        • 📄 account-list-item-menu.js +0 -1

---

🫰 @MetaMask/core-platform (1 files, +3 -0)

• 📁 ui/
  • 📁 components/
    • 📁 app/
      • 📁 snaps/
        • 📁 snap-ui-renderer/
          • 📄 snap-ui-renderer.js +3 -0

---

🎨 @MetaMask/design-system-engineers (2 files, +4 -1)

• 📁 ui/
  • 📁 components/
    • 📁 component-library/
      • 📁 select-wrapper/
        • 📄 select-wrapper.stories.tsx +2 -1
      • 📁 text-field/
        • 📄 text-field.tsx +2 -0

---

🧩 @MetaMask/extension-devs (7 files, +587 -266)

• 📁 lavamoat/
  • 📁 browserify/
    • 📁 beta/
      • 📄 policy.json +46 -38
    • 📁 experimental/
      • 📄 policy.json +46 -38
    • 📁 flask/
      • 📄 policy.json +46 -38
    • 📁 main/
      • 📄 policy.json +46 -38
  • 📁 build-system/
    • 📄 policy-override.json +18 -1
    • 📄 policy.json +347 -75
  • 📁 webpack/
    • 📄 policy.json +38 -38

---

💎 @MetaMask/metamask-assets (2 files, +2 -4)

• 📁 ui/
  • 📁 components/
    • 📁 app/
      • 📁 assets/
        • 📁 token-cell/
          • 📄 token-cell.test.tsx +2 -2
        • 📁 token-list/
          • 📄 token-list.tsx +0 -2

---

📜 @MetaMask/policy-reviewers (7 files, +587 -266)

• 📁 lavamoat/
  • 📁 browserify/
    • 📁 beta/
      • 📄 policy.json +46 -38
    • 📁 experimental/
      • 📄 policy.json +46 -38
    • 📁 flask/
      • 📄 policy.json +46 -38
    • 📁 main/
      • 📄 policy.json +46 -38
  • 📁 build-system/
    • 📄 policy-override.json +18 -1
    • 📄 policy.json +347 -75
  • 📁 webpack/
    • 📄 policy.json +38 -38

Tip

Follow the policy review process outlined in the LavaMoat Policy Review Process doc before expecting an approval from Policy Reviewers.

---

🔗 @MetaMask/supply-chain (7 files, +587 -266)

• 📁 lavamoat/
  • 📁 browserify/
    • 📁 beta/
      • 📄 policy.json +46 -38
    • 📁 experimental/
      • 📄 policy.json +46 -38
    • 📁 flask/
      • 📄 policy.json +46 -38
    • 📁 main/
      • 📄 policy.json +46 -38
  • 📁 build-system/
    • 📄 policy-override.json +18 -1
    • 📄 policy.json +347 -75
  • 📁 webpack/
    • 📄 policy.json +38 -38

[MajorLift]

https://github.com/SocketSecurity ignore npm/@babel/[email protected]
This is a transitive dependency of eslint-plugin-react-compiler@npm:^19.1.0-rc.2. We'll be able to remove the deprecated version from the dependency tree once we upgrade to React v18-19, and then to an up-to-date version of eslint-plugin-react-compiler.

https://github.com/SocketSecurity ignore npm/[email protected] npm/[email protected]
New authors are reputable with significant contribution history in related packages.

[metamaskbot]

Builds ready [3eabf52]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• lavamoat build viz: Build System
• bundle size: Bundle Size Stats
• user-actions-benchmark: User Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
  • content-script: 0
  • offscreen: 0

UI Startup Metrics (1311 ± 102 ms)

Platform	BuildType	Page	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P 75 (ms)	P 95 (ms)
Chrome	Browserify	Standard Home	uiStartup	1311	1129	1557	102	1389	1480
			load	1129	968	1347	94	1204	1293
			domContentLoaded	1122	961	1338	93	1199	1280
			domInteractive	23	14	128	16	21	51
			firstPaint	591	101	1345	447	1123	1260
			backgroundConnect	230	219	263	8	235	246
			firstReactRender	31	20	167	16	35	48
			getState	21	8	50	7	24	33
			initialActions	6	1	68	8	6	17
			loadScripts	898	738	1112	93	970	1052
			setupStore	10	7	26	3	11	15
			numNetworkReqs	13	6	79	21	6	76
	Browserify	Power User Home	uiStartup	2035	1747	2781	383	2555	2781
			load	1067	914	1498	211	1361	1498
			domContentLoaded	1059	907	1490	210	1347	1490
			domInteractive	27	15	70	17	44	70
			firstPaint	598	197	1369	374	946	1369
			backgroundConnect	236	216	269	16	252	269
			firstReactRender	27	25	31	2	27	31
			getState	177	150	290	32	182	290
			initialActions	5	1	13	3	5	13
			loadScripts	834	684	1241	200	1100	1241
			setupStore	13	9	28	6	12	28
			numNetworkReqs	159	103	318	89	308	318
	Webpack	Standard Home	uiStartup	826	685	1224	94	842	1075
			load	604	542	934	80	608	846
			domContentLoaded	596	535	908	76	602	820
			domInteractive	16	11	49	8	14	38
			firstPaint	208	55	882	212	169	819
			backgroundConnect	27	12	79	13	30	61
			firstReactRender	28	17	62	8	33	36
			getState	12	6	28	4	14	18
			initialActions	3	0	15	3	4	9
			loadScripts	593	533	900	75	600	812
			setupStore	10	5	21	3	12	16
			numNetworkReqs	14	6	75	19	8	72
	Webpack	Power User Home	uiStartup	1332	1178	1946	235	1531	1946
			load	693	596	1017	134	780	1017
			domContentLoaded	669	586	916	112	745	916
			domInteractive	25	13	73	20	50	73
			firstPaint	369	83	980	307	619	980
			backgroundConnect	76	18	214	72	183	214
			firstReactRender	28	24	59	8	26	59
			getState	139	66	163	26	154	163
			initialActions	3	1	14	3	5	14
			loadScripts	664	584	905	109	734	905
			setupStore	9	6	26	5	9	26
			numNetworkReqs	149	98	286	75	271	286
Firefox	Browserify	Standard Home	uiStartup	1477	1294	1973	134	1543	1743
			load	1265	1113	1629	94	1322	1440
			domContentLoaded	1265	1113	1629	94	1322	1440
			domInteractive	121	35	454	60	124	231
			firstPaint	-	-	-	-	-	-
			backgroundConnect	43	24	135	20	52	83
			firstReactRender	26	21	64	6	26	44
			getState	10	4	197	20	8	26
			initialActions	4	1	27	3	3	12
			loadScripts	1240	1093	1600	90	1302	1414
			setupStore	12	6	55	7	11	33
			numNetworkReqs	12	6	68	16	7	61
	Browserify	Power User Home	uiStartup	2595	2290	3317	329	2844	3317
			load	1473	1258	1905	204	1649	1905
			domContentLoaded	1473	1257	1905	204	1648	1905
			domInteractive	227	96	523	159	362	523
			firstPaint	-	-	-	-	-	-
			backgroundConnect	74	27	178	45	124	178
			firstReactRender	43	32	67	10	52	67
			getState	150	108	210	34	189	210
			initialActions	11	1	46	15	30	46
			loadScripts	1444	1231	1875	202	1623	1875
			setupStore	38	7	170	50	48	170
			numNetworkReqs	139	70	335	99	236	335
	Webpack	Standard Home	uiStartup	1599	1412	2102	127	1631	1918
			load	1365	1211	1626	87	1399	1541
			domContentLoaded	1365	1211	1625	87	1399	1540
			domInteractive	97	30	239	34	112	158
			firstPaint	-	-	-	-	-	-
			backgroundConnect	46	22	134	20	53	88
			firstReactRender	31	22	74	13	30	72
			getState	8	4	43	6	9	16
			initialActions	5	1	40	7	4	17
			loadScripts	1337	1194	1604	83	1371	1502
			setupStore	17	7	207	23	13	42
			numNetworkReqs	13	6	70	18	7	67
	Webpack	Power User Home	uiStartup	2487	2135	3147	342	2845	3147
			load	1448	1253	1799	183	1677	1799
			domContentLoaded	1447	1253	1799	183	1676	1799
			domInteractive	122	72	288	66	183	288
			firstPaint	-	-	-	-	-	-
			backgroundConnect	106	31	252	75	213	252
			firstReactRender	46	31	92	18	58	92
			getState	119	73	176	24	134	176
			initialActions	11	2	63	16	11	63
			loadScripts	1412	1233	1740	172	1638	1740
			setupStore	38	6	104	36	77	104
			numNetworkReqs	134	61	338	106	240	338

📊 Page Load Benchmark Results

Current Commit: 3eabf52 | Date: 11/3/2025

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.05s (±64ms) 🟡 | historical mean value: 1.04s ⬆️ (historical data)
• domContentLoaded-> current mean value: 737ms (±62ms) 🟢 | historical mean value: 726ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 78ms (±15ms) 🟢 | historical mean value: 77ms ⬆️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.05s	64ms	1.02s	1.37s	1.26s	1.37s
domContentLoaded	737ms	62ms	706ms	1.03s	940ms	1.03s
firstPaint	78ms	15ms	60ms	216ms	88ms	216ms
firstContentfulPaint	78ms	15ms	60ms	216ms	88ms	216ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 68 Bytes (0%)
• ui: 497.07 KiB (7%)
• common: 38.75 KiB (0.45%)

[cursor]

Bug: Misnamed Component Violates React Hook Naming Conventions

The useComponentWithRouterHooks function is named like a React hook but is actually a component. This violates React naming conventions and can confuse tools like React Compiler and linters.

 

[cursor]

Bug: Redundant Type Guard Breaks Notification Safety

The function signature was changed to accept OnChainRawNotificationsWithNetworkFields instead of OnChainRawNotification, but inside the function there's still a type guard hasNetworkFeeFields(notification) that checks if the notification has network fee fields. This check will always pass due to the stricter type parameter, making the subsequent error throw unreachable. The type guard is now redundant and the error path can never execute, but more critically, this means callers could pass invalid notifications without type safety protection.

 

[cursor]

Bug: Undefined ownerId handling causes data collision

The action types changed ownerId from string to string | undefined, and the reducer uses [action.ownerId ?? ''] as a fallback. However, using an empty string as a key when ownerId is undefined will cause all undefined ownerIds to be grouped together under the same empty string key, potentially causing data corruption or unexpected behavior. This should either reject undefined ownerIds or use a more explicit sentinel value.

 

[georgewrmarshall]

Approving component library changes on behalf of the @MetaMask/design-system-engineers